Cloud Security Audit for Financial Institutions Training Course

Description:

This 2-day CCSK Plus course builds upon the CCSK Foundation content by adding an extensive second day dedicated to hands-on labs. Participants will put their knowledge into practice through a series of exercises centered around a scenario where a fictional organization transitions securely to the cloud. Upon completion, students will be well-prepared for the CCSK certification exam, which is sponsored by the Cloud Security Alliance. While the second day includes some additional lectures, the majority of the time is spent assessing, building, and securing a cloud infrastructure during practical exercises.

Objectives:

This two-day program begins with CCSK- Basic training, followed by a second day featuring advanced content and hands-on activities.

Target Audience:

This course is designed for security professionals but is also valuable for anyone seeking to broaden their understanding of cloud security.

The adoption of cloud technologies transforms how applications are developed, deployed, and maintained. This shift alters the division of responsibility between service providers and customers, while introducing cloud-native platforms—such as containers, serverless computing, and managed services—that demand updated security controls. Consequently, security strategies must encompass infrastructure hardening, identity and access management, data protection, secure development methodologies, and mitigation of cloud-specific threats.

This instructor-led live training, available online or onsite, is designed for intermediate-level developers, security engineers, and IT managers seeking practical, hands-on skills to secure cloud applications and their underlying infrastructure. Participants will learn repeatable controls and assessment techniques aligned with current industry frameworks and cloud provider guidelines.

Upon completion of this training, participants will be able to:

• Articulate the cloud shared-responsibility model and apply its principles to application security decisions.
• Harden cloud infrastructure (IaaS), secure platform services (PaaS), and evaluate SaaS configurations.
• Implement secure coding standards and OWASP-based mitigation patterns for cloud-hosted applications.
• Integrate security tooling into CI/CD pipelines (including SAST, DAST, IAST, and RASP) and adopt shift-left security practices.

Course Format

• Interactive lectures and discussions supported by live demonstrations.
• Practical labs utilizing cloud consoles, containers, serverless functions, and CI/CD pipelines.
• Hands-on exercises covering secure configuration, vulnerability scanning, attack simulation, and remediation planning.

Customization Options

• For customized training arrangements, please contact us directly.

This course delivers hands-on expertise in OpenStack and private cloud security. Beginning with a system introduction, participants gain practical insights into securing private cloud environments and hardening OpenStack installations. Throughout the training, each core OpenStack module is explored in depth; learners construct virtual identities, images, networks, compute, and storage resources while addressing critical security considerations. Every participant receives a dedicated training environment featuring a full OpenStack deployment tailored to specific cloud architectures (e.g., storage, networking). The curriculum can be highly customized to align with client-specific requirements.

Customization options
The training duration can be condensed to 2 days, concentrating on the core areas most relevant to the customer. Alternatively, it can be expanded to cover administrative, design, networking, and troubleshooting topics related to OpenStack deployments.